The Italian Data Protection Authority’s recent decision provided guidance on the true meaning of personal data anonymization and the crucial distinction between the DPO as a monitor – not an executor. In a world driven by AI...more
The rise of artificial intelligence (AI) and its widespread availability offers significant growth opportunities for businesses. However, it necessitates a robust governance framework to ensure compliance with regulatory...more
Employers are increasingly monitoring and filtering the web browsing habits of employees. The Commission Nationale de l’Informatique et des Libertés (CNIL) recently released new guidance (for public comment) on how...more
The UK Information Commissioner’s Office’s (the ICO’s) latest Annual Report summarises its accomplishments and priorities, including last year’s enforcement actions. Based on our review of the report, we see the ICO focusing,...more
The European Data Protection Board recently published its draft Guidelines 02/2025, which remain open to consultation until 09 June 2025. Stakeholders in the blockchain industry are encouraged to submit any observations...more
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more
The stakes are high for FemTech – as Benjamin Franklin noted: ‘it takes many good deeds to build a good reputation and only one bad one to lose it.’...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Organisations should expect increased scrutiny and enforcement activity around the role of data protection officers in the coming year. The European Data Protection Board (EDPB) has announced that its coordinated...more
The collection of personal data by organizations in the sports industry creates unique data privacy challenges. Generally, a business-to-consumer organization is focused on the personal data of its customers and separately...more
The UK government has recently published proposals to amend UK data protection legislation with moves towards divergence from EU rules and regulation following the UK’s decision to leave the EU (“Brexit”). The Data Protection...more
The Information Commissioner’s Office (ICO) recently released its response to the UK government consultation, ‘Data: A new direction’. The consultation was conducted by the Department for Digital, Culture, Media and Sport...more
Data Protection Commission Ireland has issued a report on the responses it received to its public consultation on its guidance on children’s rights. Of particular note is the careful consideration the commission gave the...more
The Information Commissioner’s position paper on the UK government’s proposal for a trusted digital identity system provides insight into the interplay between data protection and digital identity. Key Points- •Given...more
Earlier this year, the European Data Protection Board (“EDPB”) issued additional guidance on the application of the General Data Protection Regulation (“GDPR”) in the area of scientific health research. In key takeaways...more
Generally, contact tracing refers to an effort by public health officials to identify individuals with whom a patient who has tested positive for an infectious disease has been in close proximity. Public health officials will...more
In addition to the potential uses of contact-tracing apps, discussed recently in episode 1 of the Global Solutions series, most employers now conduct some form of employee screening or monitoring to help prevent the spread of...more
The French Data Protection Authority (CNIL) published new Guidelines (French only) on December 10, 2019 applicable to whistleblowing schemes, following a public consultation process. The Guidelines replace the former Single...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ——— (b) Relevant legislation includes: ...more
Q1/ Applicable legislation (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ———...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? New legislation has been passed. ———...more
Q1/ Applicable legislation - (a) Have the requirements of the GDPR been addressed by introducing a new law, or by updating existing legislation? Old legislation has been updated. ——— (b) Relevant legislation...more
Data protection authorities (DPAs) in the European Union (EU) continue to scrutinize practices in the adtech sector for compliance with the EU’s General Data Protection Regulation (GDPR) and local data protection and...more
The interaction between the General Data Protection Regulation (2016/679) (“GDPR”) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) (“PECR”) has been vexing for some time now. As a...more